This method is used, for example, to validate if the given token is a valid user name when the user is configuring an ACL.
This is an optional method that improves the user experience. If your backend doesn't support
a query like this, just always throw UsernameNotFoundException.

If the user name and the password pair matches, retrieve the information about this user and
return it as a UserDetails object. User is a convenient
implementation to use, but if your backend offers additional data, you may want to use your own subtype
so that the rest of Hudson can use those additional information (such as e-mail address --- see
MailAddressResolver.)

Properties like UserDetails.getPassword() make no sense, so just return an empty value from it.
The only information that you need to pay real attention is UserDetails.getAuthorities(), which
is a list of roles/groups that the user is in. At minimum, this must contain SecurityRealm.AUTHENTICATED_AUTHORITY
(which indicates that this user is authenticated and not anonymous), but if your backend supports a notion
of groups, you should make sure that the authorities contain one entry per one group. This enables
users to control authorization based on groups.

If the user name and the password pair doesn't match, throw AuthenticationException to reject the login
attempt.

Creates a user account. Intended to be called from the setup wizard.
Note that this method does not check whether it is actually called from
the setup wizard. This requires the Jenkins.ADMINISTER permission.